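// Copyright (C) 2010 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.gerrit.httpd.auth.container;

import com.google.gerrit.extensions.registration.DynamicItem;
import com.google.gerrit.httpd.WebSession;
import com.google.gerrit.server.account.AccountException;
import com.google.gerrit.server.account.AccountManager;
import com.google.gerrit.server.account.AuthRequest;
import com.google.gerrit.server.account.AuthResult;
import com.google.inject.Inject;
import com.google.inject.Singleton;
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

/**
 * Servlet filter that logs a user in from the TLS client certificate attached to the request.
 *
 * <p>The user name is the common name (CN) of the subject of the first certificate in the {@code
 * javax.servlet.request.X509Certificate} request attribute. This filter performs no chain,
 * expiry or revocation checks of its own: it trusts whatever populated that attribute
 * (presumably the servlet container's TLS client-authentication handling; confirm in the
 * deployment configuration). The CN is therefore only as trustworthy as the set of CAs the
 * container accepts for client certificates.
 */
@Singleton
class HttpsClientSslCertAuthFilter implements Filter {
  private static final String ATTR_CLIENT_CERTS = "javax.servlet.request.X509Certificate";
  private static final String COMMON_NAME = "CN";

  private final DynamicItem<WebSession> webSession;
  private final AccountManager accountManager;
  private final AuthRequest.Factory authRequestFactory;

  @Inject
  HttpsClientSslCertAuthFilter(
      final DynamicItem<WebSession> webSession,
      AccountManager accountManager,
      final AuthRequest.Factory authRequestFactory) {
    this.webSession = webSession;
    this.accountManager = accountManager;
    this.authRequestFactory = authRequestFactory;
  }

  @Override
  public void destroy() {}

  /**
   * Authenticates the request from its client certificate, then continues the filter chain.
   *
   * @param req incoming request; must carry the client certificate array attribute
   * @param rsp response, passed through to the rest of the chain untouched
   * @param chain remaining filters, invoked only after a successful login
   * @throws ServletException if no certificate is attached, no usable CN can be read from its
   *     subject, or the account manager rejects the user
   */
  @Override
  public void doFilter(ServletRequest req, ServletResponse rsp, FilterChain chain)
      throws IOException, ServletException {
    X509Certificate[] certs = (X509Certificate[]) req.getAttribute(ATTR_CLIENT_CERTS);
    if (certs == null || certs.length == 0) {
      throw new ServletException(
          "Couldn't get the attribute javax.servlet.request.X509Certificate from the request");
    }

    // Only the first array element is consulted; the rest of the array is ignored here.
    String userName = extractCommonName(certs[0]);

    final AuthRequest areq = authRequestFactory.createForUser(userName);
    final AuthResult arsp;
    try {
      arsp = accountManager.authenticate(areq);
    } catch (AccountException e) {
      throw new ServletException("Unable to authenticate user \"" + userName + "\"", e);
    }
    webSession.get().login(arsp, true);
    chain.doFilter(req, rsp);
  }

  /**
   * Reads the CN from the certificate subject by parsing the distinguished name.
   *
   * <p>The earlier implementation searched the printed DN for the text {@code CN=} with a regular
   * expression. That also matched {@code CN=} occurring inside the value of a different
   * attribute (for example an organisation or organisational-unit value) and cut the name off
   * at an escaped comma, so the identity used for login could differ from the certificate's real
   * CN. Parsing the RFC 2253 form with {@link LdapName} compares attribute types only and
   * unescapes the value.
   *
   * @throws ServletException if the subject cannot be parsed or holds no non-empty textual CN
   */
  private static String extractCommonName(X509Certificate cert) throws ServletException {
    // getSubjectX500Principal().getName() yields the RFC 2253 string form, which LdapName parses;
    // the format of getSubjectDN().getName() is provider-specific.
    final LdapName subject;
    try {
      subject = new LdapName(cert.getSubjectX500Principal().getName());
    } catch (InvalidNameException e) {
      throw new ServletException("Couldn't extract username from your certificate", e);
    }

    // LdapName numbers RDNs from the right-hand end of the string, so walk the list backwards to
    // take the left-most CN, the same one a first-match search of the string would pick.
    List<Rdn> rdns = subject.getRdns();
    for (int i = rdns.size() - 1; i >= 0; i--) {
      Rdn rdn = rdns.get(i);
      // For a multi-valued RDN getType() reports only the first type in sort order; an RDN whose
      // CN is not that first type is skipped, which fails closed.
      if (!COMMON_NAME.equalsIgnoreCase(rdn.getType())) {
        continue;
      }
      Object value = rdn.getValue();
      // A binary (byte[]) value is never used as a user name; an empty CN is rejected too.
      if (value instanceof String && !((String) value).isEmpty()) {
        return (String) value;
      }
      break;
    }
    throw new ServletException("Couldn't extract username from your certificate");
  }

  @Override
  public void init(FilterConfig arg0) throws ServletException {}
}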